使用实例配置文件凭证的 AWS CLI
AWS CLI using Instance Profile Credentials
在我的 EC2 实例中使用 AWS CLI 时,如何指定我想要使用实例配置文件凭证?文档说:
Instance profile credentials – these credentials can be used on EC2
instances with an assigned instance role, and are delivered through
the Amazon EC2 metadata service.
这是自动的还是我需要调用元数据服务并将返回的凭据保存到 ~/.aws/credentials 文件...然后调用?
你说的是 IAM Roles。这些附加到 EC2 实例,密钥 rolled/rotated 每四个小时一次。
您不需要从实例元数据中提取它们并将其提供给 aws-cli 或 SDK,它们会自动提取。
如果您 运行 带有 --debug 标志的 aws-cli,您应该会看到正在提取的凭据:
$ aws --debug s3 ls
...
2015-03-10 18:15:04,459 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: iam-role
2015-03-10 18:15:04,465 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - INFO - Starting new HTTP connection (1): 169.254.169.254
2015-03-10 18:15:04,466 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - DEBUG - "GET /latest/meta-data/iam/security-credentials/ HTTP/1.1" 200 37
2015-03-10 18:15:04,468 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - INFO - Starting new HTTP connection (1): 169.254.169.254
2015-03-10 18:15:04,469 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - DEBUG - "GET /latest/meta-data/iam/security-credentials/myrole-snipped HTTP/1.1" 200 898
2015-03-10 18:15:04,469 - MainThread - botocore.credentials - INFO - Found credentials from IAM Role: myrole-snipped
在我的 EC2 实例中使用 AWS CLI 时,如何指定我想要使用实例配置文件凭证?文档说:
Instance profile credentials – these credentials can be used on EC2
instances with an assigned instance role, and are delivered through
the Amazon EC2 metadata service.
这是自动的还是我需要调用元数据服务并将返回的凭据保存到 ~/.aws/credentials 文件...然后调用?
你说的是 IAM Roles。这些附加到 EC2 实例,密钥 rolled/rotated 每四个小时一次。
您不需要从实例元数据中提取它们并将其提供给 aws-cli 或 SDK,它们会自动提取。
如果您 运行 带有 --debug 标志的 aws-cli,您应该会看到正在提取的凭据:
$ aws --debug s3 ls
...
2015-03-10 18:15:04,459 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: iam-role
2015-03-10 18:15:04,465 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - INFO - Starting new HTTP connection (1): 169.254.169.254
2015-03-10 18:15:04,466 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - DEBUG - "GET /latest/meta-data/iam/security-credentials/ HTTP/1.1" 200 37
2015-03-10 18:15:04,468 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - INFO - Starting new HTTP connection (1): 169.254.169.254
2015-03-10 18:15:04,469 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - DEBUG - "GET /latest/meta-data/iam/security-credentials/myrole-snipped HTTP/1.1" 200 898
2015-03-10 18:15:04,469 - MainThread - botocore.credentials - INFO - Found credentials from IAM Role: myrole-snipped